Feedback & Followups
- Pegasus/NSO Group: Apple Lawsuit Goes After Spyware Firm NSO Group — tidbits.com/…
- Apple Digital IDs:
  - Apple delays iOS 15’s driver’s license support until ‘early 2022’ — www.imore.com/…
  - Reporting from CNBC reveals details of Apple’s contract with states rolling out their new digital driver’s licenses etc. — Report details the control Apple has over states & their digital ID card rollout — www.imore.com/… (the original report puts a very anti-Apple spin on things, but the information is interesting)
    - Apple get to control the devices that will and won’t offer the feature, and when it rolls out
    - The states have to run the back-end and are responsible for asserting people’s identities.
    - The states have to publicise the service, and Apple gets to OK the marketing materials
- iOS 15 Mail Privacy Protection: Security researchers have noticed that the Apple Watch doesn’t support Apple’s new mail privacy features, so if you enable the feature on your iPhone but use your Apple Watch to read emails, your watch will use your real IP address to load any remote images in your emails — nakedsecurity.sophos.com/…
- Apple’s iOS Privacy Protections: Apple’s carrot to go with their App Tracking Transparency stick is Private Click Measurement – it gives advertisers information on the effectiveness of their ads without compromising user privacy. Initially, the feature was only available for web ads, but Apple have now expanded it to in-app ads — www.macobserver.com/…
- Social Media Updates:
❗ Action Alerts
* On November 17… an unauthorized third party gained access to certain authentication information for administrative services, specifically, the customer number and email address associated with your account; your WordPress Admin login set at inception; and your sFTP and database usernames and passwords.
* We are taking several steps to protect you and your data. First, we have blocked the unauthorized third party from our systems.
* Second, we have reset your WordPress Admin login credentials, sFTP password and your database password. Your website is still up and running, but you won’t be able to edit content until you set new passwords.
Worthy Warnings
- There’s currently an un-patched vulnerability in many Intel chips that lets attackers with physical access bypass full disk encryption and install malware. The machines are vulnerable to so-called evil maid attacks. Intel are working on a patch, but for now all we can do is avoid allowing our Intel-powered machines out of our physical control — www.macobserver.com/…
- 🇺🇸 A data breach at California Pizza Kitchen appears to have leaked personal data, including SSNs, of over 100K former & current employees (the company is not being particularly transparent) — techcrunch.com/…
- 🇺🇸 The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back – Krebs on Security — krebsonsecurity.com/…
- 🇺🇸 US government securities watchdog spoofed by investment scammers – don’t fall for it! — nakedsecurity.sophos.com/… (in this instance it was the SEC who were spoofed, but it could of course be any agency from any government in any country)
Notable News
- Apple Outlines How It Will Notify Users Who Have Been Targeted by State-Sponsored Spyware Attacks — www.macrumors.com/…
- 🇷🇺 Moscow tells 13 mostly U.S. tech firms they must set up in Russia by 2022 — www.reuters.com/… (including Apple, Google, Facebook, Twitter & TikTok)
- 🇺🇸 The US Federal Trade Commission (FTC) has declared the user-hostile ‘click to subscribe, call to cancel’ dark pattern illegal – it must be as easy to unsubscribe as it is to subscribe — www.macobserver.com/…
- 🇺🇸 Banks must report major cyber incidents within 36 hours under finalized regulation — www.cyberscoop.com/…
- 🇬🇧 A Cautionary Tale: The Belfast Health Trust in Northern Ireland offers us all a timely reminder to be careful about the things we throw away — the trust donated a filing cabinet to a local charity shop without emptying it first. This was a big mistake because it contained files marked Strictly Confidential that included personal contact details for senior staff, and, most embarrassingly of all, a risk assessment report investigating how to better protect patient data! You need to protect all your files, paper and digital! — www.belfasttelegraph.co.uk/…
Palate Cleansers
- 🎧 The EFF’s How to Fix the Internet podcast is back for a second series — www.eff.org/…
- 🎧 The podcast Business Wars has recently finished a 7-part series on the whole fascinating crypto story – the rise of Bitcoin, the rise and fall of Mt. Gox, the sordid story of the Silk Road, and much more! Here’s a link to the first episode: Business Wars: Crypto Wars 1 | Generate Coins — overcast.fm/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ❗ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |